July 3, 2026
FACTION Enterprise 1.8.9 — Multi-Format PenTest Reports, Encrypted PDFs, and Faster SSO
Your workflow shouldn’t slow you down when you’re already juggling assessments, client deadlines, and a team that needs answers fast. Over…

By Faction Security
3 min read
Your workflow shouldn't slow you down when you're already juggling assessments, client deadlines, and a team that needs answers fast. Over the past few months, we've been listening closely to your feedback. The small friction points, the manual workarounds, the moments where Faction got out of your way and the moments where it didn't.
This release is the result of your feedback. From previewing reports without leaving your browser, to generating Word and PDF formats in a single pass, to SSO flows that meet enterprise clients where they actually start — every change in this update came from something you told us.
Here's what's new.
Report Preview, Finally!
Every "just double-check this before it goes to the client" moment used to mean downloading the document, opening it in whatever's on your machine, and repeating that for every revision. Small friction, but it adds up across an assessment queue, and you ended up with several dead versions of a reports littering your download folder 😫.
Faction's Finalize feature now has a View Report button that slides out a report viewer panel right in the browser. No download, no separate app. It opens docked to the side so you can review the report while the rest of the assessment is still on screen, with a one-click expand if you need the full window to read it properly.
Generate Once, Download However Your Client Wants It
Report templates in Faction used to mean you choose one document format for the assessment type and its locked in forever. If you choose DOCX then you'd have to download and convert to other formats like PDF. If you choose PDF and needed to make changes to the final doc outside of faction then you'd have to have a PDF editor which is the worst with no way to go back to the DOCX for easy editing.
Now, report generation produces multiple variants automatically. When you finalize an assessment, Faction builds the Word version and the PDF version in the same pass, and the Finalize tab gives you a single download button with a dropdown for whichever format you need. Word, PDF, and Encrypted PDF!
If you need to make changes to the final report, you can download the DOCX, make those changes, and upload it via the new [Upload Report Feature](#Already Have a Report? Just Upload It) and it will then generate the PDF and Encrypted PDF from this new uploaded version.
Password-Protected PDFs
Client deliverables are sensitive. If you're emailing a pentest report, you'd have to encrypt it manually or find a secure document share while maintaining access for every client. It was always a manual step in the workflow and kind of a pain. So we built encryption directly into report generation to make sending this sensitive data to the client easy.
Pick Encrypted PDF from the new download dropdown, and Faction generates a real, PDFBox-encrypted document with a password available right on the Finalize tab. You just need copy it, send it separately from the report itself, done.
Already Have a Report? Just Upload It
Not every assessment in your program was run by your own team. Maybe it's a HackerOne engagement, a vendor pentest, or a report a client handed you from someone else's testing. Up to now, that meant it lived in a folder somewhere outside Faction while everything you actually generated lived inside it. That split makes it harder to answer the simple question every manager eventually asks: "show me every assessment we've had this year, regardless of who ran it."
Now you can attach that external report directly to an assessment record. Drop in the .docx or .pdf you were handed, and it shows up in the same Finalize download menu as your own generated reports — same tracking, same history, same place your team already looks.
SSO That Doesn't Assume Where Your Users Start
If you've rolled out SSO to an enterprise customer, you know IdP-Initiated flows are now non-negotiable. Alot of orgs expect users to click a tile in Okta or Azure AD and land inside the app, not get bounced back to a login page first. Faction's SSO now supports that: hitting /sso/saml or /sso/oidc directly works whether or not the user came from Faction's own login screen.
We also added GitHub and GitHub Enterprise as a login option. Faction checks the verified primary email on the GitHub account against your existing user records, so teams that already gate access through GitHub org membership get one less identity system to manage.